Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

03d9e3a027...18.xls

windows7-x64

10

03d9e3a027...18.xls

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2024, 10:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03d9e3a027330b60fd6031b1fc953a7f_JaffaCakes118.xls

  • Size

    36KB

  • MD5

    03d9e3a027330b60fd6031b1fc953a7f

  • SHA1

    daa8f83013bcf88add2685d1a5e85e4dd15ede51

  • SHA256

    51fcccedc24aa82da75f648c8d8c2e64a8bf00da140936dc461698a344b77b82

  • SHA512

    c7fef77e5e2633184c385525116ea40a8b282bfc8bbef0e6cd55333570ea28a53846cf8acda78df679273ffe4320e81f296db4f4e7b48ac370dc233e70549f0a

  • SSDEEP

    768:sPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJFUbeRvSz/h8X0egJgwa:4ok3hbdlylKsgqopeJBWhZFGkE+cL2Ng

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\03d9e3a027330b60fd6031b1fc953a7f_JaffaCakes118.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Windows\explorer.exe
      explorer.exe C:\Users\Public\Documents\qNN8ZK.vbs
      2⤵
      • Process spawned unexpected child process
      PID:2904
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2832
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\qNN8ZK.vbs"
      2⤵
      • Blocklisted process makes network request
      PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Public\Documents\qNN8ZK.vbs
    Filesize

    572B

    MD5

    9f33128b242d44c39efea44c7755c205

    SHA1

    a9536cc93bbbcaa3097249d76619ed47f400b642

    SHA256

    1caea4ddf5221347056e13696fd535688d1af4701a38e731b59529ff3385c6e2

    SHA512

    3ce8a73769409113f908ed45ef060d7f2a30cbba562e46317d771e64b9486752e7fc72ae58914def56562e6e5e2c4e53ca27e1eabdc05ed27329c506aebca8ae

    Download Submit

  • memory/1200-12-0x00007FFD3C240000-0x00007FFD3C250000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1200-7-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-3-0x00007FFD3E990000-0x00007FFD3E9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1200-5-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-4-0x00007FFD3E990000-0x00007FFD3E9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1200-6-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-0-0x00007FFD3E990000-0x00007FFD3E9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1200-8-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-10-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-9-0x00007FFD3C240000-0x00007FFD3C250000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1200-2-0x00007FFD3E990000-0x00007FFD3E9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1200-11-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-17-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-14-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-15-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-16-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-13-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-18-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-19-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-20-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-21-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-22-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1200-1-0x00007FFD3E990000-0x00007FFD3E9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1200-34-0x00007FFD7E910000-0x00007FFD7EB05000-memory.dmp

    Filesize

    2.0MB

    Download